Description
CVE-2016-0821 - High Severity Vulnerability
Vulnerable Library - linuxlinux-3.5
Apache Software Foundation (ASF)
Library home page: https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/?wsslib=linux
Found in HEAD commit: ac11c9631a8abeed315b67913aab3ba7a400aef3
Found in base branch: cosmic-experimental-1.6
Vulnerable Source Files (3)
android_kernel_samsung_a3xelte/include/linux/poison.h
android_kernel_samsung_a3xelte/include/linux/poison.h
android_kernel_samsung_a3xelte/include/linux/poison.h
Vulnerability Details
The LIST_POISON feature in include/linux/poison.h in the Linux kernel before 4.3, as used in Android 6.0.1 before 2016-03-01, does not properly consider the relationship to the mmap_min_addr value, which makes it easier for attackers to bypass a poison-pointer protection mechanism by triggering the use of an uninitialized list entry, aka Android internal bug 26186802, a different vulnerability than CVE-2015-3636.
Publish Date: 2016-03-12
URL: CVE-2016-0821
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://nvd.nist.gov/vuln/detail/CVE-2016-0821
Release Date: 2016-03-12
Fix Resolution: 4.3